DETAILED ACTION 

1. Claims 1-9 have been cancelled as per Applicant's preliminary amendment. 

2. Claims 10-22 have been presented for examination. 

Priority 

3. Acknowledgment is made of applicant's claim for foreign priority. 

Specification 

4. The disclosure is objected to because it contains an embedded hyperlink (page 3, i.e. 
www.yahoo.com) and/or other form of browser-executable code. Applicant is required to delete 
the embedded hyperlink and/or other form of browser-executable code. See MPEP § 608.01. 

##. The use of the trademark Apache has been noted in this application. It should be 
capitalized wherever it appears and be accompanied by the generic terminology. 

##. Although the use of trademarks is permissible in patent applications, the proprietary 
nature of the marks should be respected and every effort made to prevent their use in any manner 
which might adversely affect their validity as trademarks. 

Claim Rejections - 35 USC § 112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. The phrase "as little as possible" in claims 10-22 is a relative phrase, which renders the 
claim indefinite. The phrase "as little as possible" is not defined by the claim, the specification 
does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the 
art would not be reasonably apprised of the scope of the invention. See MPEP § 2173.05(b). 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

8. Claims 10-22 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. Patent No. 
7,013,482 to Krumel, hereinafter Krumel. 

9. As per claim 10, Krumel teaches a method for securing logical access to information 
and/or computing resources in a group of computer equipment while slowing down said logical 
access as little as possible, said group of computer equipment exchanging data with a computer 
telecommunication network via an access device comprising an operating system, and said data 
comprising transported data that conform to at least one application protocol, as well as transport 
data, said method comprising the steps of: 

defining a finite-state machine for each application protocol (column 6, lines 43-64, i.e. 
fixed state machine); 

modeling each finite-state machine in the form of a model (Figures 2 [blocks 36-1, 36-N], 
3 [blocks 46, 48, 50, 52], 4 [block 64], 5 [block 81], 7 [blocks 140-1, 140-N], column 6, line 64 
to column 1, line 52, column 10, lines 58-67, column 12, lines 39-46, i.e. state rule filters are 
generated based on data and communication state information to determine how to handle the 
incoming data packets); 

generating from each model, an analysis module for each application protocol by means 
of an interpreter (Figures 2 [blocks 36-1, 36-N], 3 [blocks 46, 48, 50, 52], 4 [block 64], 5 [block 
81], 7 [blocks 140-1, 140-N], column 7, lines 1-52, column 10, lines 58-67, column 12, lines 39- 
46, i.e. rules engines, the packet is analyzed to determine what filtering to perform and how to 
deconstruct the datagram, determine the IP characteristics and how further filtering will be 
performed); and 

filtering the transported data in said operating system by means of said analysis modules 
(Figures 2 [blocks 26, 42], 3 [blocks 46, 48, 50, 52], 4 [blocks 46, 76], 5 [block 106], 8 [blocks 
153, 154], column 7, lines 1-22, column 7, lines 53-65, column 8, line 52 to column 9, line 4, i.e. 
initiating filtering rules via a plurality of rules engines). 

10. Regarding claim 11, Krumel teaches the step of verifying the conformity of said 
transported data with the application protocols involved by means of said analysis modules 
(Figures 2 [block 22], 3 [block 44], column 6, lines 43-63, column 8, line 60 to column 9, line 4). 

11. Regarding claim 12, Krumel teaches the step of restricting the capabilities offered by an 
application protocol by means of said analysis module (Figures 2 [blocks 24, 28], 3 [blocks 46, 
48, 50, 52], column 7, lines 52-65, column 8, lines 52-59, i.e. rules controller, rules aggregator 
combine to form decision whether to pass/fail data packet, filtering rules are based on packet 
characteristics and connection state information). 

12. With regards to claim 13, Krumel teaches the step of restricting the capabilities offered 
by an application protocol by means of said analysis module (Figures 2 [blocks 24, 28], 3 [blocks 
46, 48, 50, 52], column 7, lines 52-65, column 8, lines 52-59, i.e. rules controller, rules 
aggregator combine to form decision whether to pass/fail data packet, filtering rules are based on 
packet characteristics and connection state information). 

13. With regards to claim 14, Krumel teaches the step of parameterizing said analysis 
modules in accordance with predetermined restrictions by a network administrator (Figure 9 
[block 176, 180, 181, 182], column 18, lines 35-54, i.e. toggles may be used for reconfiguring or 
updating the system, providing updated filtering algorithms). 

14. As per claim 15, Krumel teaches an access device for securing logical access to 
information and/or computing resources in a group of computer equipment while slowing down 
said logical access as little as possible, said group of computer equipment exchanging data with a 
computer telecommunication network via said access device, and said data comprising 
transported data that conform to at least one application protocol, as well as transport data, said 
access device comprising: 

an operating system that includes an appropriate analysis module for each application 
protocol (Figures 2 [blocks 36-1, 36-N], 3 [blocks 46, 48, 50, 52], 4 [block 64], 5 [block 81], 7 
[blocks 140-1, 140-N], column 7, lines 1-52, column 10, lines 58-67, column 12, lines 39-46, i.e. 
rules engines, the packet is analyzed to determine what filtering to perform and how to 
deconstruct the datagram, determine the IP characteristics and how further filtering will be 
performed); 

a filtering module for filtering said transported data in said operating system by means of 
said analysis modules (Figures 2 [blocks 26, 42], 3 [blocks 46, 48, 50, 52], 4 [blocks 46, 76], 5 
[block 106], 8 [blocks 153, 154], column 7, lines 1-22, column 7, lines 53-65, column 8, line 52 
to column 9, line 4, i.e. initiating filtering rules via a plurality of rules engines). Microsoft 
Computer Dictionary states that an operating system is the software that controls the allocation 
and usage of hardware resources, such as memory, central processing unit time, disk space, and 
peripheral devices; the operating system is the foundation software on which applications 
depend. An operating system is essential for computing devices and, although it is not stated 
explicitly, a component of the Krumel patent. Krumel's co-pending application U.S. 
2002/0083331 A1 provides examples of the operating system in at least figures 18-20. 

15. Regarding claim 16, Krumel teaches wherein each analysis module implements a finite- 
state machine representing a given application protocol (Figures 2 [block 42], 8 [blocks 153, 
154], column 7, lines 4-22, column 15, line 29 to column 16, line 15, i.e. based on state 
connection information, filtering rules are initiated via a plurality of rules engines). 

16. Regarding claim 17, Krumel teaches wherein said analysis modules comprises a first 
information processing module for verifying the conformity of said transported data with said 
application protocols involved (Figures 2 [block 22], 3 [block 44], 4 [block 64], 5 [block 81], 6 
[blocks 110, 112], 7 [block 133], 8 [block 150], column 6, lines 43-53, column 8, line 60 to 
column 9, line 4, column 10, line 58 to column 11, line 5, column 12, lines 39-47). 

17. Regarding claim 18, Krumel teaches wherein said analysis modules comprises an 
information processing module for restricting the capabilities offered by an application protocol 
(Figures 2 [blocks 24, 28], 3 [blocks 46, 48, 50, 52], column 7, lines 52-65, column 8, lines 52- 
59, i.e. rules controller, rules aggregator combine to form decision whether to pass/fail data 
packet, filtering rules are based on packet characteristics and connection state information). 

18. With regards to claim 19, Krumel teaches a parameterization module for parameterizing 
said analysis modules in accordance with predetermined restrictions by a network administrator 
(Figure 9 [block 176, 180, 181, 182], column 18, lines 35-54, i.e. toggles may be used for 
reconfiguring or updating the system, providing updated filtering algorithms). 

19. With regards to claim 20, Krumel teaches wherein said analysis modules comprises a first 
information processing module for verifying the conformity of said transported data with said 
application protocols involved (Figures 2 [block 22], 3 [block 44], column 6, lines 43-63, column 
8, line 60 to column 9, line 4). 

20. With regards to claim 21, Krumel teaches wherein said analysis modules comprises an 
information processing module for restricting the capabilities offered by an application protocol 
(Figures 2 [blocks 24, 28], 3 [blocks 46, 48, 50, 52], column 7, lines 52-65, column 8, lines 52- 
59, i.e. rules controller, rules aggregator combine to form decision whether to pass/fail data 
packet, filtering rules are based on packet characteristics and connection state information). 

21. With regards to claim 22, Krumel teaches wherein said analysis modules comprises a 
second information processing module for restricting the capabilities offered by an application 
protocol (Figures 2 [blocks 24, 28], 3 [blocks 46, 48, 50, 52], column 7, lines 52-65, column 8, 
lines 52-59, i.e. rules controller, rules aggregator combine to form decision whether to pass/fail 
data packet, filtering rules are based on packet characteristics and connection state information, 
the level 2, 3, 4, filters). 

Conclusion 

22. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

23. The following patents are cited to further show the state of the art with respect to stateful 
firewalls, such as: 

United States Patent Application Publication No. 2002/0083331 A1 to Krumel, which is 
cited to show a co-pending application to the one that was used to reject the claims in the instant 
application. 

United States Patent No. 7,107,609 B2 to Cheng et al., which is cited to show a stateful 
firewall cluster. 

United States Patent No. 6,141,749 to Coss et al., which is cited to show a firewall with 
stateful packet filtering. 

United States Patent Application Publication No. 2003/0051155 A1 to Martin, which is 
cited to show a state machine used to grant access via a firewall. 

United States Patent No. 6,349,405 B1 to Welfeld, which is cited to show a packet 
classification system that uses a state machine. 

24. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

25. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

26. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


Christian LaForgia 
Patent Examiner 
Art Unit 2131 